
4 Text

Uploaded by

piterskiyv32

Basic risk analysis and management recommendations.

Risk management is the process of making and executing management decisions
aimed at reducing the likelihood of an unfavorable result and minimizing the
possible losses if it occurs.
The duties of the Information security department's employees include notifying
the organization's executives about existing and potential threats. Reports
should be accompanied by analytical calculations, indicators, and facts.
Risk analysis consists of identifying the existing risks and assessing their
magnitude. The analysis process involves the following tasks:
1. Determination of the main IP resources.
2. Determining the importance of various resources for the organization.
3. Identification of existing threats and security vulnerabilities, and of
possible threat implementations.
4. Calculation of risks associated with the implementation of security threats.
IP funds are allocated to the following categories:
• IP Resources
• Software
• Technical support (network equipment, servers, data center, work
computers, etc.)
• Human resources
The main purpose of risk management is to select a reasonable set of measures
that reduces the level of risk to a minimum. The cost of implementing these
measures should not exceed the amount of possible damage.
Risk analysis is carried out based on the immediate goals and objectives of
protecting a certain type of confidential information. The most important task
in protecting information is to ensure its availability and integrity.
To develop a reliable, comprehensive information security system for the
enterprise, it is necessary to:
• Identify all possible security threats that could lead to an unauthorized attack.
• Assess the consequences of the manifestations of threats.
• Develop the necessary methods and means of protection, taking into account
the requirements of regulatory documents.
• Ensure economic feasibility, absence of conflicts, and compatibility with the
software used.
• Evaluate the effectiveness of the chosen methods and means of protection.
The effectiveness analysis makes it possible to see the minimized vulnerability
parameters and the overall damage of all risks, which will strengthen the
security regime of the IT organization. Evaluating the effectiveness of a
comprehensive information security system is a systematic process of obtaining
an objective assessment of data on the current state of the system. At this
stage, monitoring is carried out using pre-established measures aimed at
reducing the aggregate loss or the frequency of occurrence of risks. The
effectiveness of protection measures should be evaluated at the development
stage in order to obtain optimal performance indicators for the integrated
system as a whole.